ESET IT security experts revealed at the RSA 2020 conference that they discovered a major security flaw in Wi-Fi networks with WPA2 CCMP encryption. A flaw related to Broadcom and Cyrpress chips found in a very large number of devices. The “Krook” flaw therefore affects smartphones as well as tablets, laptops and connected objects from the most well-known brands; Samsung, Apple, Amazon, Google, Xiaomi or Asus and Huawei.
According to ESET researchers, the wifi security flaw concerns more than a billion devices, but also wifi access points. It would have been effective for several years, allowing hackers to claim many victims. At present, it is unclear whether hackers have actually exploited this vulnerability. The latter could recover confidential information.
Data at the mercy of hackers
The problem arose during the so-called “dissociation” phase, when a terminal suddenly disconnected from a wifi network. The Broadcom and Cypress chips then empty their memory buffer which keeps a rest of the data flow. It was then that things got complicated. The encryption keys weren't doing their job, so the data was sent unencrypted. Hackers could then easily catch them. They could also cause this data leak by forcing the dissociation of the terminal with the wifi network.
The researchers obviously contacted the manufacturers of the Broadcom and Cypress chips, who quickly released patches. These have been deployed by most manufacturers.
By the Web
WhatsApp: Phone numbers and private conversations accessible in a few clicks on Google
High-Tech
What you need to know about Wifi 6E, the future wireless standard
- Xiaomi
- Samsung
- High-Tech
- cybersecurity
- Wireless
- Huawei
- smartphone
- Apple
- Amazon
- Personal data